【Android O】 Service AAA does not have a SELinux domain defined

A service that is started through a shell script was added to init.AAA.rc:

service AAA /vendor/bin/sh /vendor/etc/AAA_spec.sh
    user root
    group root
    disabled
    oneshot

on post-fs-data
    start AAA

During boot, dmesg | grep init shows the following message: Service AAA does not have a SELinux domain defined

Solution:

1. Add a new file AAA.te under devices/vendorxxx/sepolicy/common/ with the following content:

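# Domain for the AAA service and the label for its script
type AAA, domain;

type AAA_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(AAA)

# init executes /vendor/bin/sh rather than the script itself, so the vendor shell must be an allowed entrypoint into the AAA domain
allow AAA vendor_shell_exec:file { entrypoint };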

2. Add the following to devices/vendorxxx/sepolicy/Android.mk:

BOARD_SEPOLICY_DIRS += devices/vendorxxx/sepolicy/common/

3. Add the following to devices/vendorxxx/sepolicy/common/file_contexts:

##add for AAA file permission##
/(vendor|system/vendor)/etc/AAA_spec\.sh u:object_r:AAA_exec:s0

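4. In init.AAA.rc, add a seclabel line to the corresponding service. Because the binary that init executes is /vendor/bin/sh and not a file labeled AAA_exec, the domain has to be set explicitly:

service AAA /vendor/bin/sh /vendor/etc/AAA_spec.sh
    user root
    group root
    disabled
    oneshot
    # The seclabel must name the domain declared in AAA.te
    seclabel u:r:AAA:s0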

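5. Build and flash the bootimage. If the build fails, resolve the neverallow conflicts.

6. If avc denials appear when the system boots, add allow rules for them one by one.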
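
For step 6, the following added example (not part of the original post) collects the avc denials for the AAA domain from dmesg output and merges them into candidate allow rules. The log lines are constructed samples, and the function name allow_rules is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample of kernel log lines (not captured from a real device).
SAMPLE_DMESG = """\
[   12.345678] type=1400 audit(1516602360.123:7): avc: denied { read open } for pid=612 comm="sh" path="/vendor/etc/AAA_spec.sh" dev="dm-1" ino=321 scontext=u:r:AAA:s0 tcontext=u:object_r:AAA_exec:s0 tclass=file permissive=0
[   12.345912] type=1400 audit(1516602360.124:8): avc: denied { getattr } for pid=612 comm="sh" path="/vendor/etc/AAA_spec.sh" dev="dm-1" ino=321 scontext=u:r:AAA:s0 tcontext=u:object_r:AAA_exec:s0 tclass=file permissive=0
[   12.401000] type=1400 audit(1516602360.180:9): avc: denied { execute_no_trans } for pid=613 comm="sh" path="/vendor/bin/toybox_vendor" dev="dm-1" ino=77 scontext=u:r:AAA:s0 tcontext=u:object_r:vendor_toolbox_exec:s0 tclass=file permissive=0
[   13.000000] type=1400 audit(1516602361.000:10): avc: denied { read } for pid=700 comm="other" scontext=u:r:untrusted_app:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
"""

# Captures the permission set, source domain, target type and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=u:r:(?P<src>\w+):\S+\s+"
    r"tcontext=u:(?:object_)?r:(?P<tgt>\w+):\S+\s+"
    r"tclass=(?P<cls>\w+)"
)

def allow_rules(log_text, domain):
    """Merge avc denials whose source domain is `domain` into allow rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        # Ignore denials that belong to other domains.
        if m and m.group("src") == domain:
            merged[(m.group("tgt"), m.group("cls"))].update(m.group("perms").split())
    return [
        f"allow {domain} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (tgt, cls), perms in sorted(merged.items())
    ]

if __name__ == "__main__":
    for rule in allow_rules(SAMPLE_DMESG, "AAA"):
        print(rule)
```

Review each generated rule against the neverallow rules from step 5 and keep only the permissions the script actually needs before adding it to AAA.te.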

 

Addendum:

On Android P, creating a HAL service additionally requires the following two lines in the .te file:

hwbinder_use(hal_XXXX)
get_prop(hal_XXXX, hwservicemanager_prop)

 

posted @ 2018-01-22 14:26  克林斯顿